With less than a year until the EU General Data Protection Regulation (GDPR) takes effect, a new survey from Varonis reports that 75% of organizations are in danger of failing to meet the Regulation’s requirements by the compliance deadline.
US companies better prepared
According to the survey, which polled IT decision makers from the UK, France, Germany, and the US, over 90% of respondents identified particular challenges in complying with the GDPR by the deadline. In general, US organizations are better prepared than their European counterparts to meet these challenges.
For instance, 78% of US respondents said they had carried out an internal audit or data privacy impact assessment in the past year. By comparison, that figure stands at 60% for the UK, 68% for France, and 65% for Germany.
However, that still means nearly a quarter of organizations in the US haven’t done this, and there are plenty of other requirements to fulfil. The survey isolates the following requirements as causing the biggest problems:
- The right to be forgotten
- Data protection by design
- Records of processing activities
- Security of processing
- Notification of a personal data breach to the supervisory authority
- Data protection impact assessments
Part of the reason for this, according to the survey, is that many organizations either haven’t set aside a budget to prepare for the Regulation or their budget isn’t sufficient. This is despite 60% of respondents agreeing that their company would have a competitive advantage in their sector by adhering to the GDPR.
Only 38% of respondents said that their organization has allocated a separate, sufficient budget to achieve and maintain compliance. That figure jumps to 52% when looking at the US alone.
A further 30% of organizations (24% in the US) said they had been allocated a budget but it wasn’t sufficient, while in both the US and Europe, around a quarter of organizations don’t have a budget in place at all.
How can you prepare?
If you want to know what your organization should be doing to prepare for the GDPR, you should read our free green paper, EU General Data Protection Regulation – A Compliance Guide. It provides an overview of the Regulation and how it will impact US organizations, as well as detailing the critical areas organizations need to be aware of when preparing for compliance.